Sunday, March 23, 2008

Arthur C Clark dies, and Space.com gets hacked!

Seriously though, uplink.space.com (careful) has had an iframe injected into it, and it's reaching out to another seemingly hacked site (www.forvideo.at - careful),

and launching a encrypted javascript

that turns out to be a simple and venerable MS06-014 exploit.

It's not an exploit pack, so it's just a single exploit, and it's tracking IPs, so it'll only come once, but it's there.

And the exploit is only an MS06-014, but the point is that if the website is vulnerable enough to have a mouldie old exploit injected, it could have something much newer and fiercer. Space.com needs to fix their website, and we've sent them an email about it. Hopefully they will, because they get an awful lot of visitors each month.